.TH "CVE\-CHECK\-TOOL" "1" "" "cve\-check\-tool 1" "cve\-check\-tool"

.SH "NAME"
cve\-check\-tool \- Check distribution source packages for CVEs

.SH "SYNOPSIS"
.HP \w'\fBcve\-check\-tool\fR\ 'u
\fBcve\-check\-tool\fR [OPTIONS...] FILE

.SH "DESCRIPTION"
.PP
\fBcve\-check\-tool\fR
is used to check for Common Vulnerabilities and Exposures (CVE) in
Linux distribution source packages.
You may pass the path of a source package directly, or a path to file
which lists all package paths. When using a packages file, ensure that
it is named 'packages'. In both instances, autodetection is used
on the package type. Recursion matching is only supported when you have
explicitly set \fB\-\-type\fR.

.SH "OPTIONS"
.PP
The following options are understood:
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Prints a help message\&.
.RE
.PP
\fB\-n\fR, \fB\-\-not\-patched\fR
.RS 4
Suppress reports for patched packages\&.
.RE
.PP
\fB\-t\fR, \fB\-\-type\fR TYPE
.RS 4
Force the type of package, ignoring detection\&.
Available types can be determine by using this option with
\fBlist\fR as a parameter.
Note that forcing a package type will enable recursive searching for
source packages, by passing a directory as the argument to \fBcve\-check\-tool\fR
.RE
.PP
\fB\-s\fR, \fB\-\-srpm\-dir\fR
.RS 4
Set a source rpm directory to use with packages files. \fBcve\-check\-tool\fR will
expect a tab delimited input file, with the name, version and release on each line.
Source rpm files are required to exist when using this option.
.RE
.PP
\fB\-u\fR, \fB\-\-skip\-update\fR
.RS 4
Do not update NVD database. \fBcve\-check\-tool\fR will use old data if
it exists, however this will not give up to the present data. Note also
the tool will fail to run in the absence of any initial data.
.RE
.PP
\fB\-m\fR, \fB\-\-modified\fR DATE
.RS 4
Set the modification date for which any report should be ignored, if it
falls on or after this date. Full date formats including the time are
supported.
.RE
.PP
\fB\-N\fR, \fB\-\-no\-html\fR
.RS 4
Suppress generation of HTML report\&.
.RE
.PP
\fB\-c\fR, \fB\-\-csv\fR
.RS 4
Enter silent mode and only produce CSV output\&.
.RE
.PP
\fB\-a\fR, \fB\-\-not-affected\fR
.RS 4
Report status for all packages, regardless of whether or not they are
affected by a CVE. This is useful when doing full repository audits.
.RE
.PP
\fB\-o\fR, \fB\-\-output-file\fR
.RS 4
Set the path to the output file of \fBcve\-check\-tool\fR. This is only used
by plugins that would normally output to stdout (such as csv, cli and html).
.RE
.PP
\fB\-v\fR, \fB\-\-version\fR
.RS 4
Print the version of \fBcve\-check\-tool\fR and exit\&.
.RE

.SH "EXIT STATUS"
.PP
On success, 0 is returned, a non\-zero failure code otherwise\&


.SH "COPYRIGHT"
.PP
Copyright 2015 Intel Corporation\&. License: Creative Commons
Attribution\-ShareAlike 3.0 Unported\s-2\u[1]\d\s+2\&.

.SH "NOTES"
.IP " 1." 4
Creative Commons Attribution\-ShareAlike 3.0 Unported
.RS 4
\%http://creativecommons.org/licenses/by-sa/3.0/
.RE
